Search results matching tags 'SQL Server 2012' and 'security'http://sqlblog.com/search/SearchResults.aspx?o=DateDescending&tag=SQL+Server+2012,security&orTags=0Search results matching tags 'SQL Server 2012' and 'security'en-USCommunityServer 2.1 SP2 (Build: 61129.1)High-Availability White Papers and Resources for SQL Serverhttp://sqlblog.com/blogs/kevin_kline/archive/2012/07/26/high-availability-white-papers-and-resources-for-sql-server.aspxThu, 26 Jul 2012 15:00:00 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:44457KKline<div class="mceTemp" style="font-family:Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif;line-height:19px;"><div class="mceTemp"><a rel="attachment wp-att-2011" href="http://kevinekline.com/2012/07/26/high-availability-white-papers-and-resources-for-sql-server/charlotte-sql-ug/"><img class="size-medium wp-image-2011" title="Charlotte SQL UG" alt="" width="300" height="168" style="border:0px none;cursor:default;margin:0px;padding:0px;-webkit-user-drag:none;" src="http://kevinekline.com/wp-content/uploads/2012/07/Charlotte-SQL-UG-300x168.jpg"></a>In foreground, attendee makes dreaded "shoot myself" hand sign to the speaker.</div><p>I was just telling the good people of Charlotte about how they (and how YOU) need to read all things by Paul Randal (<a title="Paul Randal's Blog" href="http://www.sqlskills.com/BLOGS/paul/">blog</a>&nbsp;|&nbsp;<a title="Paul Randal's Twitter Feed" href="http://twitter.com/paulrandal">twitter</a>), except for all of his&nbsp;<a title="Maybe He Did Write a Romance Novel, Maybe He Didn't" href="http://www.amazon.com/forum/romance?cdForum=FxM42D5QN2YZ1D&amp;cdThread=Tx2769ZA6OCU1BD">cheesy romance novels</a>&nbsp;like&nbsp;<a title="Quite Possibly The Worst Romance Novel EVER" href="http://www.amazon.com/Caress-and-Conquer-ebook/dp/B006IUV50A/ref=sr_1_2?ie=UTF8&amp;qid=1343317555&amp;sr=8-2&amp;keywords=Caress+and+Conquer+by+Connie+Mason"><em>Caress and Conquer</em></a>&nbsp;written under the nom de plum of Connie Mason.</p><p>There's lots more good stuff from Paul, just not romantic.</p><p>This is a 'so-last-version' whitepaper describing &nbsp;five common high-availability and disaster-recovery architectures deployed by customers, along with a case study of each. Although the white paper is specific to SQL Server 2008 R2 and isn't updated for AlwaysOn features, it's still really, really good. &nbsp;It covers:</p><ul><li>Failover Clustering for High Availability with Database Mirroring for Disaster Recovery</li><li>Database Mirroring for High Availability and Disaster Recovery</li><li>Geo-Clustering for High Availability and Disaster Recovery</li><li>Failover Clustering for High Availability Combined with SAN-Based Replication for Disaster Recovery</li><li>Peer-to-Peer Replication for High Availability and Disaster Recovery</li></ul><p>You can get it from&nbsp;<a href="http://download.microsoft.com/download/5/B/D/5BD13FFA-5E34-4AE1-9AA0-C6E6951B8FC8/SQL%20Server%202008%20R2%20High%20Availability%20Architecture%20White%20Paper.docx">this link</a>. &nbsp;Not everything is transferable to new AlwaysOn technologies, but then again AlwaysOn is an Enterprise Edition feature. &nbsp;So the database mirroring recommendation can be upsized, in many if not all cases, to SQL Server 2012, while the SAN and peer-to-peer recommendations continue to hold fast.</p><p>In addition, I encourage you to get up to speed on AlwaysOn. &nbsp;There are two great AlwaysOn FAQs that I recommend.&nbsp; The first is Microsoft’s official AlwaysOn FAQ at&nbsp;<a href="http://msdn.microsoft.com/en-us/sqlserver/gg508768.aspx">http://msdn.microsoft.com/en-us/sqlserver/gg508768.aspx</a>.&nbsp; The second comes from my buddy and high-availability expert Allan Hirt (<a title="Allan Hirt, Mr. SQLHA" href="http://www.sqlha.com/">blog</a>&nbsp;|&nbsp;<a title="Allan Hirt's Twitter Feed" href="http://twitter.com/sqlha">twitter</a>) at&nbsp;<a href="http://www.sqlha.com/2012/04/13/allans-alwayson-availability-groups-faq/">http://www.sqlha.com/2012/04/13/allans-alwayson-availability-groups-faq/</a>.</p><p>To get started with AlwaysOn, check out&nbsp;<a href="http://msdn.microsoft.com/en-us/library/cc645581.aspx">http://msdn.microsoft.com/en-us/library/cc645581.aspx</a>.</p><p>Enjoy,</p><p>-Kev</p></div>Connect Digest : 2012-01-09http://sqlblog.com/blogs/aaron_bertrand/archive/2012/01/09/connect-digest-2012-01-09.aspxMon, 09 Jan 2012 14:50:00 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:40556AaronBertrand<p><font size="4">Hide databases from users who shouldn't be able to see them</font></p>
<p>This is a long-standing request from Erland Sommarskog which I've highlighted in previous digests. But the underlying problem keeps coming up in multiple venues, so I thought it would be good to call attention to the item one more time. Some will argue that the contained database feature provides a solution for this, but that only works well if you want to restrict a user to exactly one database, and only works well if your application is compatible with the limitations of the feature. Please comment on the item and explain how this feature will help you in your environment.</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://connect.microsoft.com/SQLServer/feedback/details/273830/need-view-definition-permissions-per-database" title="http://connect.microsoft.com/SQLServer/feedback/details/273830/need-view-definition-permissions-per-database" target="_blank">#273830 : Need VIEW DEFINITION permissions per database</a><br> <br></p>
<p><font size="4">Contained Database users are people too</font></p>
<p>In playing with the contained database feature as a solution to Erland's concern above, I discovered an unfortunate bug: a database-level user (with password) who has connected to their contained database using SSMS will not enjoy most of the important IntelliSense features. I'm highlighting this Connect item not so that you can vote for it, but rather just to be sure you're aware of this limitation if you intend to utilize contained databases in the short term. As an side effect, I also discovered that there doesn't exist a straightforward way to set up a contained user that can bypass the password policy in place, unlike server-level logins (where you can say CHECK_POLICY = OFF). Personally I think they got this backwards - logins are the security entity where you want to make it harder to implement simple passwords. If you want a contained user with a simple password, you can create a server-level login, associate it with a database user, and then use sp_migrate_user_to_contained (note that I haven't tried this).<br></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://connect.microsoft.com/SQLServer/feedback/details/717063/ssms-intellisense-does-not-function-for-a-contained-user" title="http://connect.microsoft.com/SQLServer/feedback/details/717063/ssms-intellisense-does-not-function-for-a-contained-user" target="_blank">#717063 : SSMS : IntelliSense does not function for a contained user</a></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://connect.microsoft.com/SQLServer/feedback/details/717069/contained-user-syntax-does-not-support-bypassing-password-policy" title="http://connect.microsoft.com/SQLServer/feedback/details/717069/contained-user-syntax-does-not-support-bypassing-password-policy" target="_blank">#717069 : Contained User syntax does not support bypassing password policy</a>&nbsp; <br><br></p>
<p><font size="4">Please just go parallel, regardless of other factors</font> <br></p>
<p>Paul White (<a href="http://twitter.com/SQL_Kiwi" title="http://twitter.com/SQL_Kiwi" target="_blank">@SQL_Kiwi</a>) has asked for an option that is kind of the opposite of MAXDOP. I say "kind of" because he doesn't want to be able to say MINDOP x, but rather try to coerce the optimizer to use a parallel plan and then follow the same rules it normally would in determining the level of parallelism.&nbsp;
</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://connect.microsoft.com/SQLServer/feedback/details/714968/provide-a-hint-to-force-generation-of-a-parallel-plan" title="http://connect.microsoft.com/SQLServer/feedback/details/714968/provide-a-hint-to-force-generation-of-a-parallel-plan" target="_blank">#714968 : Provide a hint to force generation of a parallel plan</a> <br>&nbsp;<br>
</p><p><font size="4">Expose SHOW_STATISTICS through a DMV</font></p>
<p>Greg Low has proposed adding a DMV that would mirror DBCC
SHOW_STATISTICS output, making it easier to work with the results. I'm
all for this, as it can be quite a hassle to mix monitoring queries with
DBCC calls.
</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://connect.microsoft.com/SQLServer/feedback/details/611155/dbcc-show-statistics-info-should-be-available-as-a-dmv" title="http://connect.microsoft.com/SQLServer/feedback/details/611155/dbcc-show-statistics-info-should-be-available-as-a-dmv" target="_blank">#611155 : DBCC SHOW_STATISTICS info should be available as a DMV</a><br>
</p><p><br><font size="4">Check constraints during CHECKDB</font></p>
<p>Thanks to Ola Hallengren, they are considering adding the ability to
check all constraints (and, where appropriate, mark them as trusted) as a
part of the DBCC CHECKDB process (specifically, using the
EXTENDED_LOGICAL_CHECKS option). There are already plenty of votes, but
more votes (and, more importantly, comments about how this will help in
your environment) will help.
</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://connect.microsoft.com/SQLServer/feedback/details/508837/option-to-check-constraints-in-dbcc-checkdb" title="http://connect.microsoft.com/SQLServer/feedback/details/508837/option-to-check-constraints-in-dbcc-checkdb" target="_blank">#508837 : Option to check constraints in DBCC CHECKDB</a><br> <br></p>